Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation.
This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
AnalysisAI
NULL pointer dereference in Samsung's open-source Walrus WebAssembly runtime crashes the parser when processing malformed WASM binaries, resulting in denial of service. The vulnerability exists in the WASMBinaryReader component (WASMParser.cpp) at commit f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9, where multiple error-handling code paths fail to return early, allowing execution to continue past invalid state and dereference null pointers. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Technical ContextAI
Walrus (cpe:2.3:a:samsung_open_source:walrus:*:*:*:*:*:*:*:*) is Samsung's open-source WebAssembly runtime engine, which relies on a forked and extended version of the wabt (WebAssembly Binary Toolkit) library for binary parsing. The vulnerability (CWE-476: NULL Pointer Dereference) resides in the WASMBinaryReader class within src/parser/WASMParser.cpp and its associated delegate in third_party/wabt/src/walrus/binary-reader-walrus.cc. The parser processes WASM binary sections sequentially; when a malformed or adversarially crafted WASM file triggers an internal parse error, the absence of early-return guards in at least eleven distinct code paths allows the parser to continue operating on invalid or null state. The fix in PR #409 adds explicit return statements at each of these paths, introduces a PARSER_RESOURCE_LIMIT check for local declaration counts, refactors m_walrusParseError storage from WASMBinaryReader into the base WASMBinaryReaderDelegate class, and adds a CheckParseError() method to BinaryReaderDelegateWalrus to propagate error state cleanly.
RemediationAI
The primary fix is to apply the upstream patch from GitHub PR #409 (https://github.com/Samsung/walrus/pull/409), which adds early-return guards throughout the WASM binary parser and introduces resource limit enforcement for local declarations. Upstream fix is available via the PR commit; a released patched version has not been independently confirmed, so consumers of Walrus should build from the patched branch or cherry-pick the changes into their deployment. Organizations that embed Walrus in a product should monitor the Samsung/walrus GitHub repository for a tagged stable release incorporating this fix. As a compensating control prior to patching, applications using Walrus should validate WASM binary inputs against a strict schema or byte-level allowlist before passing them to the parser, and should run the Walrus parser in an isolated process or sandbox so that a crash does not affect the broader application. Restricting the sources from which WASM binaries are accepted (e.g., rejecting user-supplied or externally-fetched WASM in production) directly reduces attack surface at the cost of reduced functionality.
Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att
Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart
The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30836
GHSA-v22h-74vw-3j73